Response to the Office Action of March 10, 2009 
Serial No. 10/733.326



REMARKS 

Claims 1-4, 6-16, 18-26 and 28-34 are pending in the present application. 
Claims 5, 17 and 27 have been cancelled by way of a previous amendment. 

The Examiner has rejected claims 1-4, 6, 9-16, 18, 21-26, 28 and 31-34 
under 35 U.S.C. § 103(a) as being unpatentable over US patent Publication No.
2003/0005118 to Williams (hereinafter "Williams") in view of US patent Publication No.
2004/0210771 to Wood et al. (hereinafter "Wood") in further view of US Patent No. 
7,099,946 to Lennon et al. (hereinafter "Lennon"). 

The Office Action was issued following the United States Supreme Court's 
decision in the case of KSR Int'l Co. v. Teleflex Inc., No. 04-1350 (April 30, 2007). In
light of the KSR decision, Applicant wishes to address various issues pertaining to a
proper analysis under section 103.

The Examiner, by citing three and four references and asserting a reason 
for combining elements from the three and four references, has elected to base the 
rejection of claims 1-34 upon a teaching, suggestion or motivation to select and 
combine features from the cited references. Applicant wishes to point out that the 
Supreme Court's KSR decision did not reject use of a "teaching, suggestion or 
motivation" analysis as part of an obviousness analysis, characterizing the analysis as 
"a helpful insight." KSR slip op. at 14-15. 

When the Examiner chooses to base a rejection upon a teaching,
suggestion or motivation analysis, the Examiner must satisfy the requirements of such 
an analysis. In particular, the Examiner must demonstrate with evidence and reasoned 
argument that there was a teaching, suggestion or motivation to select and combine 
features from the cited references, e.g., In re Lee, 61 USPQ2d 1430, 1433 (Fed. Cir. 
2002). Moreover, the prior art must suggest the desirability of the combination, not 
merely the feasibility, see In re Fulton, 73 USPQ2d 1141, 1145 (Fed. Cir. 2004).

In the event that the cited references fail to disclose or suggest all of the 
elements recited in the claims, then combining elements from the references would not 
yield the claimed subject matter, regardless of the extent of any teaching, suggestion or 
motivation. 

Although the Supreme Court did not reject use of a "teaching, suggestion 
or motivation" analysis, the Supreme Court did say that it was not the only possible 
analysis of an obviousness question. Because of the Examiner's chosen ground for 
rejection, however, the only pending ground for rejection must be a "teaching, 
suggestion or motivation" analysis. In the event that the Examiner chooses to consider a 
different avenue for rejection, this would be a new ground for rejection not due to any 
action by Applicant. Applicant has a right to be heard on any new ground for rejection. 

Applicant further respectfully reminds the Examiner that, even after KSR,
the following legal principles are still valid, having been endorsed by the Supreme Court
or having been unaffected by its decision: (1) the USPTO still has the burden of proof
on the issue of obviousness; (2) the USPTO must base its decision upon evidence, and 
it must support its decision with articulated reasoning (slip op. at 14); (3) merely 
demonstrating that all elements of the claimed invention exist in the prior art is not 
sufficient to support a determination of obviousness (slip op. at 14-15); (4) hindsight has 
no place in an obviousness analysis (slip op. at 17); and (5) Applicant is entitled to a 
careful, thorough, professional examination of the claims (slip op. at 7, 23, in which the 
Supreme Court remarked that a poor examination reflected poorly upon the USPTO). 

As described in paragraph [0038] of the present application as published, 
a first server may determine that a request, received from a browser, for a web page 
requires redirection to a second server. Accompanying the request is an encrypted
session token. The Applicant has figured out that the second server may not be able to 
decrypt the session token so as to obtain a session ID and a timestamp. Accordingly, 
while redirecting the request to the second server, the first server transmits the session 
ID and timestamp directly to the second server. Subsequently, the second server 
receives the redirected request from the browser. Conveniently, the second server may 
determine, based on the session ID and timestamp received from the first server, that 
the request relates to a valid session. Upon determining that the request relates to a 
valid session, the second server may serve the web page requested in the request. 

Claim 1 requires "redirecting said request to the second server, including
transmitting said session ID and said timestamp directly to the second server".

The Examiner correctly notes that Williams discloses redirecting a 
received request. However, it is important to note, further, that Williams redirects "If a
request from a client to a protected server does not include a single-use domain token" 
(see paragraph [0067]). The Examiner admits that Williams does not specifically 
disclose including the transmission of said token to the second server in a redirect 
request. It should be clear that Williams does not disclose such transmission because 
Williams only redirects a request when no token is received.

The Examiner then cites Wood to show transmission of a session token 
with a redirect response. However, a careful read of Wood shows that the session token 
transmitted with the redirect (5) response is a new session token (see paragraph
[0051]), not a session token received with a request from a browser and decrypted to
obtain a session ID and a timestamp as required by claim 1.

The Examiner admits that Williams-Wood does not specifically disclose, in 
the Examiner's words, "direct transmission of a session ID and additional session state 
information such as a time/date parameter between two systems". However, this 
appears to contradict the Examiner's indication (in section 3.1 of the Response to 
Arguments in the Final Office Action of March 10, 2009) that "Wood discloses direct 
transfer of session state parameters such as session ID parameter and time/date 
parameter between network-connected entities (see Wood paragraph [0050], line 15-17:
some parameters can be passed directly between systems)".

Even though Wood discloses that some parameters can be passed 
directly between systems, the Applicant submits that the only parameters discussed are 
"required trust level, requested URL and credential passing method". It seems unlikely 
that the gatekeeper/entry handler component 110 would transmit to the login
component 120 a timestamp of a session token just created. 

The Examiner then cites Lennon to illustrate that such direct transmission
was known.

In the response filed 12-3-2008, the Applicant argued that Lennon only 
indicates disclosure of transfer (between media browsers) of "a session identifier and a 
key for decoding the media associated with the media browsing session". The Applicant 
respectfully submitted that the disclosed key is not equivalent to the claimed timestamp.
Responsively, the Examiner noted that Williams discloses that a session token may 
include a timestamp. In such a case, it is unclear what role Lennon plays in the rejection 
of claim 1, but to indicate that data can be transmitted from one network entity executing
a browser to another network entity executing a browser. 

On the one hand, the protected server of Williams may receive a request
with a token, decrypt the token and verify a session. In this case, there is no motivation 
to redirect the "request to the second server, including transmitting said session ID and 
said timestamp directly to the second server" as required by claim 1.

On the other hand, the protected server of Williams may receive a request
with no token and responsively "redirect the client to the CDC to perform a login 
process" (see paragraph [0067]). Through combination with Wood, the redirect may be 
accompanied by a session token. Through combination with Lennon, rather than 
sending the session token to the client, the protected server transmits a session ID and 
a key to the Cookie Distribution Center (CDC). In this case, there is no motivation to 
decrypt the "encrypted session token at the first server to obtain a session ID and a 
timestamp". In particular, there is no motivation to decrypt the encrypted session token, 
since, in this case, no encrypted session token has been received. The only encrypted 
session token present is the token generated according to Wood for sending with the 
redirect. 

Since there is no motivation to combine Williams, Wood and Lennon in a 
manner that provides the person of ordinary skill with the method of claim 1, the
Applicant submits that claim 1 is not obvious over Williams in view of Wood in further
view of Lennon. The Applicant respectfully requests that the Examiner withdraw the
rejection of claim 1, and claims 2-4, 6 and 9-12 dependent, either directly or indirectly,
thereon, as obvious over Williams in view of Wood in further view of Lennon. 

Claim 13 is directed to a system for secure session management. The 
system of claim 13 includes a first server including a first request handler and a second
server including the requested web page. Claim 13 requires that the first request
handler be "adapted to redirect the request to said second server and transmit the 
session ID and said timestamp directly to said second server". In Williams, "If a request 
from a client to a protected server does not include a single-use domain token, the 
protected server can redirect the client to the CDC to perform a login process" 
(paragraph [0067]). In Wood, "A session token is passed to browser 170 in conjunction 
with the redirect (5) to login component 120." Notably, neither Williams nor Wood is
adapted to redirect a request to a second server, where the second server includes the 
requested web page. The Williams redirect is to a Cookie Distribution Center 202. The 
Wood redirect is to login component 120. Lennon has not been cited for redirecting a 
request. Even so, in Lennon, the requested content is on the same server to which the 
original request is transmitted. Accordingly, Lennon does not disclose a first request 
handler "adapted to redirect the request to said second server and transmit the
session ID and said timestamp directly to said second server". 

The Applicant submits that neither Williams, nor Wood, nor Lennon nor a 
combination of Williams, Wood and Lennon suggest or disclose a first request handler 
transmitting a session ID and a timestamp, obtained by decrypting an encrypted session 
token, directly to a second server, where the second server includes the requested web 
page. Accordingly, the Applicant submits that the system of claim 13 is not obvious over 
Williams in view of Wood in further view of Lennon. The Applicant respectfully requests 
that the Examiner withdraw the rejection of claim 13, and claims 14-16, 18 and 21 
dependent, either directly or indirectly, thereon, as obvious over Williams in view of
Wood in further view of Lennon. 

Claim 23 is directed to a computer program product having a computer- 
readable medium tangibly embodying computer executable instructions for secure 
session management according to the method of claim 1.

With arguments similar to those presented in defense of the non- 
obviousness of claim 1, there is no motivation to combine Williams, Wood and Lennon
in a manner that provides the person of ordinary skill with the computer program 
product of claim 23. Accordingly, the Applicant submits that claim 23 is not obvious over 
Williams in view of Wood in further view of Lennon. The Applicant respectfully requests 
that the Examiner withdraw the rejection of claim 23, and claims 24-26, 28 and 31-34 
dependent, either directly or indirectly, thereon, as obvious over Williams in view of 
Wood in further view of Lennon. 

The Examiner has rejected claims 7 and 8 under 35 U.S.C. § 103(a) as 
being unpatentable over Williams in view of Wood in further view of Lennon in further 
view of US Patent No. 5,907,621 to Bachman et al. (hereinafter "Bachman"). Claims 7 
and 8 depend directly and indirectly, respectively, from claim 1 and add limitations. The 
Examiner contends that the combination of Williams, Wood and Lennon discloses most 
of the subject matter of claims 7 and 8 and cites Bachman to illustrate that the additional 
limitations added by claims 7 and 8 were known at the time the claimed inventions were
made. Without regard to whether Bachman discloses the limitations added by claims 7
and 8, the Applicant submits that Bachman does not provide motivation for carrying out 
all four of the elements of the method of claim 1.

Since there is no motivation to combine Williams, Wood, Lennon and 
Bachman in a manner that provides the person of ordinary skill with the method of 
claims 7 and 8, the Applicant submits that claims 7 and 8 are patentable over Williams 
in view of Wood in further view of Lennon in further view of Bachman. The Applicant 
respectfully requests that the Examiner withdraw the rejection of claims 7 and 8 as 
obvious. 

The Examiner has rejected claims 19 and 20 under 35 U.S.C. § 103(a) as
being unpatentable over Williams in view of Wood in further view of Lennon in further 
view of Bachman. Claims 19 and 20 depend indirectly from claim 13 and add limitations. 
The Examiner contends that the combination of Williams, Wood and Lennon discloses 
most of the subject matter of claims 19 and 20 and cites Bachman to illustrate that the 
additional limitations added by claims 19 and 20 were known at the time the claimed 
inventions were made. Without regard to whether Bachman discloses the limitations 
added by claims 19 and 20, the Applicant submits that Bachman does not suggest or 
disclose a first request handler transmitting a session ID and a timestamp directly to a 
second server, as required by claim 13. 

Since it is submitted that neither Williams, nor Wood, nor Lennon, nor 
Bachman, nor a combination of Williams, Wood, Lennon and Bachman suggest or
disclose a first request handler transmitting a session ID and a timestamp, received 
along with a request, directly to a second server, it is further submitted that the system 
of claims 19 and 20 are patentable over Williams in view of Wood in further view of 
Lennon in further view of Bachman. It is respectfully requested that the Examiner 
withdraw the rejection of claims 19 and 20 as obvious. 

The Examiner has rejected claims 29 and 30 under 35 U.S.C. § 103(a) as
being unpatentable over Williams in view of Wood in further view of Lennon in further 
view of Bachman. Claims 29 and 30 depend indirectly from claim 23 and add limitations. 
The Examiner contends that Williams, Wood and Lennon disclose most of the subject 
matter of claims 29 and 30 and cites Bachman to illustrate that the additional limitations 
added by claims 29 and 30 were known at the time the claimed inventions were made. 
Without regard to whether Bachman discloses the limitations added by claims 29 and 
30, the Applicant submits that Bachman does not provide motivation in a manner that 
provides the person of ordinary skill with the computer program products of claims 29 
and 30. 

Since there is no motivation to combine Williams, Wood, Lennon and 
Bachman in a manner that provides the person of ordinary skill with the computer 
program products of claims 29 and 30, the Applicant submits that claims 29 and 30 are 
patentable over Williams in view of Wood in further view of Lennon in further view of 
Bachman. The Applicant respectfully requests that the Examiner withdraw the rejection
of claims 29 and 30 as obvious. 



Favourable reconsideration and allowance of this application are respectfully
requested. Should the Examiner believe, however, that additional amendments to the claims
may be required to secure allowance of this application, he is invited to telephone the
undersigned at the below-noted number to facilitate further prosecution of this application.

Respectfully Submitted, 
PETROVIC, Sladjana 

By: /Colin Climie/ 

Colin Climie, Regn. No. 56036



Place: Toronto, Ontario, Canada 
Date: May 8, 2009 
Telephone No.: 416-868-1482 
Customer No. 23577 
Ridout & Maybee LLP 
225 King Street West 
10th Floor
Toronto, Ontario M5V 3M2
Canada 